Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Do we have sample data for Splunk Enterprise security app ?

vikas_gopal
Builder
‎09-27-2016 04:47 AM

Hi Experts,

I have Splunk ES app, do we have any sample data which I can feed and present it using ES app. Please suggest any other alternative if we do not have sample data .Right now all the dashboards and panels are empty . I am aware that this app uses data models to show data , I am afraid i am not aware that how i can insert data using these models.

Thanks
Vikas

0 Karma
Reply

mcronkrite_splu
Splunk Employee
Splunk Employee
‎10-04-2016 02:42 PM

You can also use the ES Sandbox to check out what data populates ES. It's quick free and easy.
http://blogs.splunk.com/tag/es-sandbox/ ,Also you can sign up for a Sandbox instance that has data flowing. It's great because you don't have to wait for data or configure eventgen. http://blogs.splunk.com/tag/es-sandbox/

Reply

vikas_gopal
Builder
‎09-27-2016 05:06 AM

Thanks for the quick response , so once I generate sample logs can I directly feed them to ES app or still they need some configuration ?

0 Karma
Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎09-27-2016 05:12 AM

If the data has an TA that is CIM compliant, it will feed directly in ES (you can see in Splunk base if an app is CIM compliant or not). Otherwise, you will have to normalize the data by yourself.

0 Karma
Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎09-27-2016 05:04 AM

Hello,

As said before, the datagen, with some apps that contains samples will automatically generate data that will feed the datamodel.

Otherwise, you can also try the demo sandbox here: https://www.splunk.com/getsplunk/es_sandbox .

0 Karma
Reply

Splunker
Communicator
‎09-27-2016 04:59 AM

Hi Vikas,

Sure, the Splunk EventGen (Event Generator) app https://splunkbase.splunk.com/app/1924/ can generate logs to light up ES dashboards.

Not sure if it'll work with Splunk Cloud (not sure if you have ES on-prem or in Splunk Cloud), but EventGen is the app to generate dummy logs to allow you to explore ES.

Hope it helps!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...